
Researchers from Kaspersky Lab have discovered a malicious loader called Slingshot, which has been actively attacking users through routers for the last six years without being detected.

Typically, the routers download and run a number of DLL (dynamic link library) files from the devices. The attackers used routers to add a malicious DLL to the package of other legitimate DLLs. These malicious DLLs compromise the connected devices by targeting the memory.

The vulnerabilities were discovered in routers made by MikroTik. Users of MikroTik routers run the WinBox Loader software for router connectivity. When this software is run, the device connects to a remote server to download the Slingshot malware. Researchers said that this malware includes two modules, called Cahnadr and GollumApp, which enable data theft.

Cahnadr is a kernel-mode module that hands complete control of the infected computer to the attacker, with no restrictions. It can execute malicious code in the system without causing a blue screen.

“What makes Slingshot really dangerous is the numerous tricks its actors use to avoid detection. It can even shut down its components when it detects signs that might indicate forensic research. Furthermore, Slingshot uses its own encrypted file system in an unused part of a hard drive,” noted Kaspersky researchers.

The researchers also said that Slingshot is complex malware and that the developers who built it might have spent a huge amount of time and money. “Its infection vector is remarkable – and, to the best of our knowledge, unique.”
